TITLE: Internet Explorer 7 Popup Address Bar Spoofing Weakness SECUNIA ADVISORY ID: SA22542
VERIFY ADVISORY: http://secunia.com/advisories/22542/ CRITICAL: Less critical IMPACT: Spoofing WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 7.x http://secunia.com/product/12366/ DESCRIPTION: A weakness has been discovered in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks. The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions. Secunia has constructed a demonstration, which is available at: http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/ The weakness is confirmed in Internet Explorer 7 on a fully patched Windows XP SP2 system. SOLUTION: Do not follow links from untrusted sources. ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
